7791 matches found

Amazon
added 2015/12/14 12:0 a.m. | 36 views

Medium: autofs

Issue Overview: It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...

CVSS 4.4 | AI score 6.7 | EPSS 0.00335
Exploits: 0

CNVD
added 2015/12/02 12:0 a.m. | 2 views

Cisco Cloud Services Router 1000V Command Injection Vulnerability

Cisco IOS on Cloud Services Router CSR 1000V is a Cisco operating system that runs on the Cisco 1000V family of cloud services routers. A security vulnerability exists in the publish-event event-manager feature of Cisco IOS Release 15.5(2)S and Release 15.5(3)S on Cisco CSR 1000V devices. A local...

CVSS 7.2 | AI score 7.3 | EPSS 0.00436
Exploits: 0 | References: 1

Tenable Nessus
added 2015/12/02 12:0 a.m. | 24 views

CentOS 7 : autofs (CESA-2015:2417)

Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 4.4 | AI score 5.5 | EPSS 0.00335
Exploits: 0 | References: 2

CentOS
added 2015/11/30 7:23 p.m. | 63 views

autofs security update

CentOS Errata and Security Advisory CESA-2015:2417 Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...

CVSS 4.4 | AI score 5.8 | EPSS 0.00335
Exploits: 0 | References: 7

HackerOne
added 2015/11/22 4:11 a.m. | 22 views

Imgur: Imgur dev environments facing the Internet

A security group configuration error allowed Imgur development environments to face the public internet. Typically these environments were protected behind a special endpoint which would open access to authenticated Imgur employees for a short time window. Since the development environments were...

AI score 1.5
Exploits: 0

RedHat Linux
added 2015/11/19 6:23 a.m. | 4 views

autofs: priv escalation via interpreter load path for program based automount maps

It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...

CVSS 4.4 | AI score 5.8 | EPSS 0.00335
Exploits: 0 | References: 4

OSV
added 2015/11/02 12:0 a.m. | 10 views

DSA-3355-2 libvdpau - regression update

Bulletin has no description...

AI score 7.2
Exploits: 0

RedhatCVE
added 2015/10/30 10:12 a.m. | 24 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

CVSS 6.9 | AI score 7.1 | EPSS 0.00908
Exploits: 2 | References: 2

RedhatCVE
added 2015/10/30 10:8 a.m. | 18 views

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

CVSS 4.6 | AI score 7.2 | EPSS 0.00624
Exploits: 2 | References: 2

RedhatCVE
added 2015/10/30 9:43 a.m. | 30 views

CVE-2007-3205

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...

CVSS 5 | AI score 7.4 | EPSS 0.02075
Exploits: 0 | References: 2

OpenVAS
added 2015/10/16 12:0 a.m. | 38 views

SUSE: Security Advisory for bash (SUSE-SU-2014:1212-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.7 | EPSS 0.99999
Exploits: 130 | References: 3

Saint
added 2015/10/15 12:0 a.m. | 44 views

Mac OS X rsh Environment Variables Privilege Elevation

Added: 10/15/2015. CVE: CVE-2015-5889. Background: The remote_cmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem: The rsh binary in the remote_cmds component of Mac OS X versions prior to 10.11...

CVSS 7.2 | AI score 6.6 | EPSS 0.05088
Exploits: 14

Saint
added 2015/10/15 12:0 a.m. | 39 views

Mac OS X rsh Environment Variables Privilege Elevation

Added: 10/15/2015. CVE: CVE-2015-5889. Background: The remote_cmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem: The rsh binary in the remote_cmds component of Mac OS X versions prior to 10.11...

CVSS 7.2 | AI score 6.6 | EPSS 0.05088
Exploits: 14

Saint
added 2015/10/15 12:0 a.m. | 34 views

Mac OS X rsh Environment Variables Privilege Elevation

Added: 10/15/2015. CVE: CVE-2015-5889. Background: The remote_cmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem: The rsh binary in the remote_cmds component of Mac OS X versions prior to 10.11...

CVSS 7.2 | AI score 6.6 | EPSS 0.05088
Exploits: 14

Saint
added 2015/10/15 12:0 a.m. | 31 views

Mac OS X rsh Environment Variables Privilege Elevation

Added: 10/15/2015. CVE: CVE-2015-5889. Background: The remote_cmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem: The rsh binary in the remote_cmds component of Mac OS X versions prior to 10.11...

CVSS 7.2 | AI score 6.6 | EPSS 0.05088
Exploits: 14

OpenVAS
added 2015/10/13 12:0 a.m. | 36 views

SUSE: Security Advisory for bash (SUSE-SU-2014:1213-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.7 | EPSS 0.99999
Exploits: 130 | References: 3

NVD
added 2015/10/09 5:59 a.m. | 15 views

CVE-2015-5889

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables...

CVSS 7.2 | AI score 4.8 | EPSS 0.05088
Exploits: 14 | References: 10

Prion
added 2015/10/09 5:59 a.m. | 22 views

Code injection

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables...

CVSS 7.2 | AI score 6 | EPSS 0.05088
Exploits: 14 | References: 10 | Affected Software: 1

Cvelist
added 2015/10/09 1:0 a.m. | 36 views

CVE-2015-5889

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables...

AI score 7 | EPSS 0.05088
Exploits: 14 | References: 10

CVE
added 2015/10/09 1:0 a.m. | 91 views

CVE-2015-5889

CVE-2015-5889 affects Apple macOS prior to 10.11, where the rsh component in the remote_cmds area allows local users to elevate privileges to root via environment variable vectors. Public details confirm a local-privilege-escalation path, with exploit-publications and PoC modules targeting the OS...

CVSS 7.2 | AI score 6.7 | EPSS 0.05088
Exploits: 14 | References: 10 | Affected Software: 1